Privacy Policy

1. Introduction

StonkHub ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you create an account, we collect your email address and password (stored securely using industry-standard hashing).
• Payment Information: When you subscribe to a paid plan, payment is processed by Stripe. We do not store your credit card details; Stripe handles all payment data securely.
• Newsletter Subscription: If you subscribe to our daily digest, we collect your email address.

2.2 Information Collected Automatically

• Usage Data: We collect information about how you use our service, including pages visited, features used, and time spent on the platform.
• Device Information: Browser type, operating system, and device identifiers.
• Cookies: We use cookies for session management and to remember your preferences.

3. Public Data We Aggregate

StonkHub aggregates and analyzes publicly available data from the following sources:

• Reddit (r/wallstreetbets): We collect publicly available posts and comments to provide sentiment analysis. We do not access private Reddit data.
• Stock Market Data: We use public APIs (Alpaca, Finnhub) to display stock prices, earnings calendars, and market data.
• SEC Filings: We aggregate publicly available SEC EDGAR filings for insider trading and institutional holdings data.

4. How We Use Your Information

• To provide and maintain our service
• To process your subscription and payments
• To send you the daily WSB digest (if subscribed)
• To personalize your experience (watchlists, alerts)
• To analyze usage patterns and improve our service
• To detect and prevent fraud or abuse
• To comply with legal obligations

5. How We Share Your Information

We do not sell your personal information. We may share data with:

• Stripe: Our payment processor, to handle subscription billing.
• Sentry: For error tracking and performance monitoring (anonymized data).
• Google Analytics: For website analytics (if enabled, anonymized).
• Legal Requirements: When required by law or to protect our rights.

6. Data Retention

We retain your account data as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or business purposes (such as payment records for tax compliance).

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (subject to legal requirements)
• Opt out of marketing communications
• Export your data in a portable format

To exercise these rights, contact us at [email protected]

8. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption in transit (HTTPS), secure password hashing, and regular security reviews.

9. Cookies

We use the following types of cookies:

• Essential Cookies: Required for authentication and session management.
• Analytics Cookies: Help us understand how visitors use our site (can be disabled).

You can control cookies through your browser settings.

10. Third-Party Services

Our service integrates with third-party services. Each has their own privacy policies:

• Stripe Privacy Policy
• Sentry Privacy Policy
• Alpaca Markets Disclosures

11. Information for EU/EEA/UK Users (GDPR)

If you are located in the European Union, European Economic Area, or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR.

11.1 Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract: Processing necessary to provide the StonkHub service you signed up for (account management, subscription billing, service delivery).
• Consent: Analytics cookies and marketing communications are only processed with your explicit opt-in consent, which you can withdraw at any time.
• Legitimate Interest: Fraud prevention, security monitoring, and service improvement, where our interests do not override your rights and freedoms.
• Legal Obligation: Retaining financial records as required by tax and accounting regulations.

11.2 Your GDPR Rights

In addition to the rights listed in Section 7, you have the right to:

• Withdraw consent at any time (where processing is based on consent)
• Restrict processing of your personal data
• Object to processing based on legitimate interests
• Data portability (receive your data in a structured, machine-readable format)
• Lodge a complaint with your local Data Protection Authority

11.3 International Data Transfers

Your data is processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for transferring personal data from the EU/EEA/UK to the United States. Our sub-processors (Stripe, PostHog, Sentry) maintain their own data transfer mechanisms compliant with GDPR requirements.

11.4 Data Protection Contact

For GDPR-related inquiries, contact our data protection team at [email protected]. We will respond to your request within 30 days.

12. Information for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.

12.1 Categories of Personal Information Collected

• Identifiers: Email address, account name, Reddit username
• Commercial Information: Subscription history, billing records
• Internet Activity: Browsing history on StonkHub, feature usage, search queries
• Inferences: Preferences derived from usage patterns (e.g., watchlisted tickers)

12.2 We Do Not Sell Your Personal Information

StonkHub does not sell, rent, or share your personal information with third parties for monetary or other valuable consideration. We do not participate in data broker arrangements.

12.3 Your CCPA Rights

• Right to Know: Request what personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information (we do not sell your data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights
• Right to Correct: Request correction of inaccurate personal information

12.4 Financial Incentive Disclosure

StonkHub offers free and paid subscription tiers. Paid tiers provide additional features and functionality. The price of paid tiers reflects the value of the additional services provided, not the value of any personal information collected. Free tier users are not required to provide more personal information than paid users.

12.5 How to Exercise Your Rights

To exercise any of these rights, email [email protected] with the subject line "CCPA Request." We will verify your identity before processing your request and respond within 45 days.

13. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy, please contact us at:

[email protected]